Skip to content

Latest commit

 

History

History
1042 lines (725 loc) · 70.8 KB

CHANGELOG.md

File metadata and controls

1042 lines (725 loc) · 70.8 KB

Changelog

All notable changes to this project are documented in this file.

The format is based on Keep a Changelog. This project adheres to Semantic Versioning.

Added

  • ForeignField-based representation of scalars via ScalarField o1-labs#1705
  • Introduced new V2 methods for nullifier operations: isUnusedV2(), assertUnusedV2(), and setUsedV2() o1-labs#1715

Deprecated

  • Deprecated Nullifier.isUnused(), Nullifier.assertUnused(), and Nullifier.setUsed() methods o1-labs#1715

Fixed

  • Fix reversed order of account updates when using TokenContract.approveAccountUpdates() o1-labs#1722
  • Fixed the static check() method in Struct classes to properly handle inheritance, preventing issues with under-constrained circuits. Added error handling to avoid using Struct directly as a field type. o1-labs#1707

1.4.0 - 2024-06-25

Added

  • SHA256 low-level API exposed via Gadgets.SHA256. o1-labs#1689 @Shigoto-dev19
  • Added the option to specify custom feature flags for sided loaded proofs in the DynamicProof class. o1-labs#1688
    • Feature flags are required to tell Pickles what proof structure it should expect when side loading dynamic proofs and verification keys.
    • FeatureFlags is now exported and provides a set of helper functions to compute feature flags correctly.

Deprecated

  • MerkleMap.computeRootAndKey() deprecated in favor of MerkleMap.computeRootAndKeyV2() due to a potential issue of computing hash collisions in key indicies o1-labs#1694
  • createEcdsa, createForeignCurve, ForeignCurve and EcdsaSignature deprecated in favor of V2 versions due to a security vulnerability found in the current implementation o1-labs#1703

1.3.1 - 2024-06-11

Breaking Changes

  • Improve efficiency of Experimental.OffchainState implementation o1-labs#1672
    • Comes with breaking changes to the internal circuits of OffchainState
    • Also, introduce offchainState.commitments() to initialize the state commitments onchain. Using OffchainStateCommitments.empty() no longer works.

Added

  • Experimental.IndexedMerkleMap, a better primitive for Merkleized storage o1-labs#1666 o1-labs#1671
    • Uses 4-8x fewer constraints than MerkleMap
    • In contrast to MerkleTree and MerkleMap, IndexedMerkleMap has a high-level API that can be used in provable code
  • Added Ecdsa.verifyV2() and Ecdsa.verifySignedHashV2 methods to the Ecdsa class. o1-labs#1669

Deprecated

  • Int64.isPositive() and Int64.mod() deprecated because they behave incorrectly on -0 o1-labs#1660
    • This can pose an attack surface, since it is easy to maliciously pick either the +0 or the -0 representation
    • Use Int64.isPositiveV2() and Int64.modV2() instead
    • Also deprecated Int64.neg() in favor of Int64.negV2(), for compatibility with v2 version of Int64 that will use Int64.checkV2()
  • Ecdsa.verify() and Ecdsa.verifySignedHash() deprecated in favor of Ecdsa.verifyV2() and Ecdsa.verifySignedHashV2() due to a security vulnerability found in the current implementation o1-labs#1669

Fixed

  • Fix handling of fetch response for non-existing accounts o1-labs#1679

1.3.0 - 2024-05-23

Added

  • Added base64Encode() and base64Decode(byteLength) methods to the Bytes class. o1-labs#1659

Fixes

  • Fix type inference for method.returns(Type), to require a matching return signature o1-labs#1653
  • Fix Struct.empty() returning a garbage object when one of the base types doesn't support empty() o1-labs#1657
  • Fix Option.value_exn None error when using certain custom gates in combination with recursion o1-labs#1336 MinaProtocol/mina#15588

1.2.0 - 2024-05-14

Added

  • Offchain state MVP exported under Experimental.OffchainState o1-labs#1630 o1-labs#1652
    • allows you to store any number of fields and key-value maps on your zkApp
    • implemented using actions which define an offchain Merkle tree
  • Option for defining an optional version of any provable type o1-labs#1630
  • MerkleTree.clone() and MerkleTree.getLeaf(), new convenience methods for merkle trees o1-labs#1630
  • MerkleList.forEach(), a simple and safe way for iterating over a MerkleList
  • Unconstrained.provableWithEmpty() to create an unconstrained provable type with a known empty() value o1-labs#1630
  • Permissions.VerificationKey, a namespace for verification key permissions o1-labs#1639
    • Includes more accurate names for the impossible and proof permissions for verification keys, which are now called impossibleDuringCurrentVersion and proofDuringCurrentVersion respectively.

Changed

  • State() now optionally accepts an initial value as input parameter o1-labs#1630
    • Example: @state(Field) x = State(Field(1));
    • Initial values will be set in the default init() method
    • You no longer need a custom init() method to set initial values

Fixes

  • Fix absolute imports which prevented compilation in some TS projects that used o1js o1-labs#1628

1.1.0 - 2024-04-30

Added

Changed

  • Gadgets.rangeCheck64() now returns individual range-checked limbs for advanced use cases o1-labs#1229

Fixed

  • Fixed issue in UInt64.rightShift() where it incorrectly performed a left shift instead of a right shift. o1-labs#1617
  • Fixed issue in ForeignField.toBits() where high limbs were under-constrained for input length less than 176. o1-labs#1617
  • Make dummyBase64Proof() lazy. Significant speed up when generating many account updates with authorization Proof while proofs turned off. o1-labs#1624

1.0.1 - 2024-04-22

Breaking changes

  • Native curve improvements o1-labs#1530
    • Change the internal representation of Scalar from 255 Bools to 1 Bool and 1 Field (low bit and high 254 bits)
    • Make Group.scale() support all scalars (previously did not support 0, 1 and -1)
    • Make Group.scale() directly accept Field elements, and much more efficient than previous methods of scaling by Fields
      • As a result, Signature.verify() and Nullifier.verify() use much fewer constraints
    • Fix Scalar.fromBits() to not produce a shifted scalar; shifting is no longer exposed to users of Scalar.
  • Add assertion to the foreign EC addition gadget that prevents degenerate cases o1-labs#1545
    • Fixes soundness of ECDSA; slightly increases its constraints from ~28k to 29k
    • Breaks circuits that used EC addition, like ECDSA
  • Mina.LocalBlockchain() and Proof.fromJSON() are made async o1-labs#1583
    • These were the last remaining sync APIs that depended on an async setup task; making them async enables removing top-level await
  • Mina.LocalBlockchain no longer supports the network kind configuration o1-labs#1581
  • Poseidon.hashToGroup() now returns a Group directly, and constrains it to be deterministic o1-labs#1546
    • Added Poseidon.Unsafe.hashToGroup() as a more efficient, non-deterministic version for advanced use cases
  • A Transaction's prove method no longer returns the proofs promise directly, but rather returns a Transaction promise, the resolved value of which contains a proofs prop. o1-labs#1567
  • The Transaction type now has two type params Proven extends boolean and Signed extends boolean, which are used to conditionally show/hide relevant state. o1-labs#1567
  • Improved functionality of MerkleList and MerkleListIterator for easier traversal of MerkleLists. o1-labs#1562
  • Simplified internal logic of reducer. o1-labs#1577
    • contract.getActions() now returns a MerkleList
  • Add toValue() and fromValue() interface to Provable<T> to encode how provable types map to plain JS values o1-labs#1271
    • You can now return the plain value from a Provable.witness() callback, and it will be transformed into the provable type
  • Remove Account() constructor which was no different from AccountUpdate.create().account, and export Account type instead. o1-labs#1598

Added

  • Export Events under AccountUpdate.Events. o1-labs#1563
  • Mina.transaction has been reworked such that one can call methods directly on the returned promise (now a TransactionPromise). This enables a fluent / method-chaining API. o1-labs#1567
  • TransactionPendingPromise enables calling wait directly on the promise returned by calling send on a Transaction. o1-labs#1567
  • initializeBindings() to explicitly trigger setup work that is needed when running provable code o1-labs#1583
    • calling this function is optional

Changed

  • Remove top-level await o1-labs#1583
    • To simplify integration with bundlers like webpack
  • Make MerkleTree.{nodes,zeroes} public properties o1-labs#1555
    • This makes it possible to clone merkle trees, which is often needed

Fixed

  • Fix error when computing Merkle map witnesses, introduced in the last version due to the toBits() change o1-labs#1559
  • Improved error message when compiling a program that has no methods. o1-labs#1563

0.18.0 - 2024-04-09

Breaking changes

  • Async circuits. Require all smart contract and zkprogram methods to be async o1-labs#1477
    • This change allows you to use await inside your methods. Change the method signature by adding the async keyword.
    • Don't forget to add await to all contract calls! await MyContract.myMethod();
    • To declare a return value from a method, use the new @method.returns() decorator
  • Require the callback to Mina.transaction() to be async o1-labs#1468
  • Change {SmartContract,ZkProgram}.analyzeMethods() to be async o1-labs#1450
    • Provable.runAndCheck(), Provable.constraintSystem() and {SmartContract,ZkProgram}.digest() are also async now
  • Remove deprecated APIs
    • Remove CircuitValue, prop, arrayProp and matrixProp o1-labs#1507
    • Remove Mina.accountCreationFee(), Mina.BerkeleyQANet, all APIs which accept private keys for feepayers, Token, AccountUpdate.tokenSymbol, SmartContract.{token, setValue, setPermissions}, "assert" methods for preconditions, MerkleTee.calculateRootSlow(), Scalar.fromBigInt(), UInt64.lt() and friends, deprecated static methods on Group, utility methods on Circuit like Circuit.if(), Field.isZero(), isReady and shutdown() o1-labs#1515
  • Remove privateKey from the accepted arguments of SmartContract.deploy() o1-labs#1515
  • Efficient comparisons. Support arbitrary bit lengths for Field comparisons and massively reduce their constraints o1-labs#1523
    • Field.assertLessThan() goes from 510 to 24 constraints, Field.lessThan() from 509 to 38
    • Moderately improve other comparisons: UInt64.assertLessThan() from 27 to 14, UInt64.lessThan() from 27 to 15, UInt32 similar.
    • Massively improve Field.isEven(), add Field.isOdd()
    • PrivateKey.toPublicKey() from 358 to 119 constraints thanks to isOdd()
    • Add Gadgets.ForeignField.assertLessThanOrEqual() and support two variables as input to ForeignField.assertLessThan()
  • Remove this.sender which unintuitively did not prove that its value was the actual sender of the transaction o1-labs#1464 @julio4 Replaced by more explicit APIs:
    • this.sender.getUnconstrained() which has the old behavior of this.sender, and returns an unconstrained value (which means that the prover can set it to any value they want)
    • this.sender.getAndRequireSignature() which requires a signature from the sender's public key and therefore proves that whoever created the transaction really owns the sender account
  • Reducer.reduce() requires the maximum number of actions per method as an explicit (optional) argument o1-labs#1450
    • The default value is 1 and should work for most existing contracts
  • new UInt64() and UInt64.from() no longer unsafely accept a field element as input. o1-labs#1438 @julio4
    As a replacement, UInt64.Unsafe.fromField() was introduced
    • This prevents you from accidentally creating a UInt64 without proving that it fits in 64 bits
    • Equivalent changes were made to UInt32
  • Fixed vulnerability in Field.to/fromBits() outlined in #1023 by imposing a limit of 254 bits o1-labs#1461
  • Remove Field.rangeCheckHelper() which was too low-level and easy to misuse o1-labs#1485
    • Also, rename the misleadingly named Gadgets.isInRangeN() to Gadgets.isDefinitelyInRangeN()
  • Rename Bool.Unsafe.ofField() to Bool.Unsafe.fromField() o1-labs#1485
  • Replace the namespaced type exports Gadgets.Field3 and Gadgets.ForeignField.Sum with Field3 and ForeignFieldSum
    • Unfortunately, the namespace didn't play well with auto-imports in TypeScript
  • Add Gadgets.rangeCheck3x12() and fix proof system bug that prevented it from working o1-labs#1534
  • Update transaction version and other bindings changes to ensure berkeley compatibility o1-labs#1542

Added

  • Provable.witnessAsync() to introduce provable values from an async callback o1-labs#1468
  • Internal benchmarking tooling to keep track of performance o1-labs#1481
  • Add toInput method for Group instance o1-labs#1483

Changed

  • field.assertBool() now also returns the Field as a Bool for ergonomics o1-labs#1523

0.17.0 - 2024-03-06

Breaking changes

  • Fixed parity between Mina.LocalBlockchain and Mina.Network to have the same behaviors o1-labs#1422 o1-labs#1480
    • Changed the TransactionId type to Transaction. Additionally added PendingTransaction and RejectedTransaction types to better represent the state of a transaction.
    • Transaction.safeSend() and PendingTransaction.safeWait() are introduced to return a IncludedTransaction or RejectedTransaction object without throwing errors.
    • transaction.send() throws an error if the transaction was not successful for both Mina.LocalBlockchain and Mina.Network and returns a PendingTransaction object if it was successful. Use transaction.safeSend to send a transaction that will not throw an error and either return a PendingTransaction or RejectedTransaction.
    • transaction.wait() throws an error if the transaction was not successful for both Mina.LocalBlockchain and Mina.Network and returns a IncludedTransaction object if it was successful. Use transaction.safeWait to send a transaction that will not throw an error and either return a IncludedTransaction or RejectedTransaction.
    • transaction.hash() is no longer a function, it is now a property that returns the hash of the transaction.
    • Changed Transaction.isSuccess to Transaction.status to better represent the state of a transaction.
  • Improved efficiency of computing AccountUpdate.callData by packing field elements into as few field elements as possible o1-labs#1458
    • This leads to a large reduction in the number of constraints used when inputs to a zkApp method are many field elements (e.g. a long list of Bools)
  • Return events in the LocalBlockchain in reverse chronological order (latest events at the beginning) to match the behavior of the Network o1-labs#1460

Added

  • Support for custom network identifiers other than mainnet or testnet o1-labs#1444
  • PrivateKey.randomKeypair() to generate private and public key in one command o1-labs#1446
  • setNumberOfWorkers() to allow developer to override the number of workers used during compilation and proof generation/verification o1-labs#1456

Changed

  • Improve all-around performance by reverting the Apple silicon workaround (o1-labs#683) as the root problem is now fixed upstream o1-labs#1456
  • Improved error message when trying to use fetchActions/fetchEvents with a missing Archive Node endpoint o1-labs#1459

Deprecated

  • SmartContract.token is deprecated in favor of new methods on TokenContract o1-labs#1446
    • TokenContract.deriveTokenId() to get the ID of the managed token
    • TokenContract.internal.{send, mint, burn} to perform token operations from within the contract

Fixed

  • Mitigate security hazard of deploying token contracts o1-labs#1439
  • Make Circuit handle types with a .provable property (like those used in ECDSA) o1-labs#1471
    • To support offchain, non-Pickles proofs of ECDSA signatures

Breaking changes

  • Remove AccountUpdate.children and AccountUpdate.parent properties o1-labs#1402
    • Also removes the optional AccountUpdatesLayout argument to approve()
    • Adds AccountUpdateTree and AccountUpdateForest, new classes that represent a layout of account updates explicitly
    • Both of the new types are now accepted as inputs to approve()
    • accountUpdate.extractTree() to obtain the tree associated with an account update in the current transaction context.
  • Remove Experimental.Callback API o1-labs#1430

Added

  • MerkleList<T> to enable provable operations on a dynamically-sized list o1-labs#1398
    • including MerkleListIterator<T> to iterate over a merkle list
  • TokenContract, a new base smart contract class for token contracts o1-labs#1384
    • Usage example: https://github.com/o1-labs/o1js/blob/main/src/lib/mina/token/token-contract.unit-test.ts
  • TokenAccountUpdateIterator, a primitive to iterate over all token account updates in a transaction o1-labs#1398
    • this is used to implement TokenContract under the hood

Fixed

Breaking changes

  • Protocol change that adds a "transaction version" to the permission to set verification keys MinaProtocol/mina#14407
    • See the relevant RFC for the motivation behind this change
    • Breaks all deployed contracts, as it changes the account update layout

Added

  • Provable type Packed<T> to pack small field elements into fewer field elements o1-labs#1376
  • Provable type Hashed<T> to represent provable types by their hash o1-labs#1377
    • This also exposes Poseidon.hashPacked() to efficiently hash an arbitrary type

Changed

  • Reduce number of constraints of ECDSA verification by 5% o1-labs#1376

Changed

  • Improve performance of Wasm Poseidon hashing by a factor of 13x o1-labs#1378
    • Speeds up local blockchain tests without proving by ~40%
  • Improve performance of Field inverse o1-labs#1373
    • Speeds up proving by ~2-4%

Added

  • Configurable networkId when declaring a Mina instance. o1-labs#1387
    • Defaults to "testnet", the other option is "mainnet"
    • The networkId parameter influences the algorithm used for signatures, and ensures that testnet transactions can't be replayed on mainnet

Added

  • SHA256 hash function exposed via Hash.SHA2_256 or Gadgets.SHA256. o1-labs#1285

Changed

  • Mina.accountCreationFee() is deprecated in favor of Mina.getNetworkConstants().accountCreationFee. o1-labs#1367
    • Mina.getNetworkConstants() returns:
      • default network constants if used outside of the transaction scope.
      • actual network constants if used within the transaction scope.

Fixed

  • Fix approving of complex account update layouts o1-labs#1364

Fixed

  • Fix bug in Hash.hash() which always resulted in an error o1-labs#1346

Breaking changes

  • Rename Gadgets.rotate() to Gadgets.rotate64() to better reflect the amount of bits the gadget operates on. o1-labs#1259
  • Rename Gadgets.{leftShift(), rightShift()} to Gadgets.{leftShift64(), rightShift64()} to better reflect the amount of bits the gadget operates on. o1-labs#1259

Added

  • Non-native elliptic curve operations exposed through createForeignCurve() class factory o1-labs#1007
  • ECDSA signature verification exposed through createEcdsa() class factory o1-labs#1240 o1-labs#1007 o1-labs#1307
    • For an example, see ./src/examples/crypto/ecdsa
  • Keccak/SHA3 hash function exposed on Keccak namespace o1-labs#1291
  • Hash namespace which holds all hash functions o1-labs#999
    • Bytes, provable type to hold a byte array, which serves as input and output for Keccak variants
    • UInt8, provable type to hold a single byte, which is constrained to be in the 0 to 255 range
  • Gadgets.rotate32() for rotation over 32 bit values o1-labs#1259
  • Gadgets.leftShift32() for left shift over 32 bit values o1-labs#1259
  • Gadgets.divMod32() division modulo 2^32 that returns the remainder and quotient of the operation o1-labs#1259
  • Gadgets.rangeCheck32() range check for 32 bit values o1-labs#1259
  • Gadgets.addMod32() addition modulo 2^32 o1-labs#1259
  • Expose new bitwise gadgets on UInt32 and UInt64 o1-labs#1259
    • bitwise XOR via {UInt32, UInt64}.xor()
    • bitwise NOT via {UInt32, UInt64}.not()
    • bitwise ROTATE via {UInt32, UInt64}.rotate()
    • bitwise LEFTSHIFT via {UInt32, UInt64}.leftShift()
    • bitwise RIGHTSHIFT via {UInt32, UInt64}.rightShift()
    • bitwise AND via {UInt32, UInt64}.and()
  • Example for using actions to store a map data structure o1-labs#1300
  • Provable.constraintSystem() and {ZkProgram,SmartContract}.analyzeMethods() return a summary() method to return a summary of the constraints used by a method o1-labs#1007
  • assert() asserts that a given statement is true o1-labs#1285

Fixed

  • Fix stack overflows when calling provable methods with large inputs o1-labs#1334
  • Fix Local.setProofsEnabled() which would not get picked up by deploy() o1-labs#1330
  • Remove usage of private class fields in core types like Field, for better type compatibility between different o1js versions o1-labs#1319

Breaking changes

  • ZkProgram.compile() now returns the verification key and its hash, to be consistent with SmartContract.compile() o1-labs#1292 @rpanic

Added

  • Foreign field arithmetic exposed through the createForeignField() class factory o1-labs#985
  • Crypto namespace which exposes elliptic curve and finite field arithmetic on bigints, as well as example curve parameters o1-labs#1240
  • Gadgets.ForeignField.assertMul() for efficiently constraining products of sums in non-native arithmetic o1-labs#1262
  • Unconstrained for safely maintaining unconstrained values in provable code o1-labs#1262
  • Gadgets.rangeCheck8() to assert that a value fits in 8 bits o1-labs#1288

Changed

  • Change precondition APIs to use "require" instead of "assert" as the verb, to distinguish them from provable assertions. @LuffySama-Dev
    • this.x.getAndAssertEquals() is now this.x.getAndRequireEquals() o1-labs#1263
    • this.x.assertEquals(x) is now this.x.requireEquals(x) o1-labs#1263
    • this.account.x.getAndAssertEquals(x) is now this.account.x.requireEquals(x) o1-labs#1265
    • this.account.x.assertBetween() is now this.account.x.requireBetween() o1-labs#1265
    • this.network.x.getAndAssertEquals() is now this.network.x.getAndRequireEquals() o1-labs#1265
  • Provable.constraintSystem() and {ZkProgram,SmartContract}.analyzeMethods() return a print() method for pretty-printing the constraint system o1-labs#1240

Fixed

  • Fix missing recursive verification of proofs in smart contracts o1-labs#1302

Breaking changes

  • Change return signature of ZkProgram.analyzeMethods() to be a keyed object o1-labs#1223

Added

  • Provable non-native field arithmetic:
    • Gadgets.ForeignField.{add, sub, sumchain}() for addition and subtraction o1-labs#1220
    • Gadgets.ForeignField.{mul, inv, div}() for multiplication and division o1-labs#1223
  • Comprehensive internal testing of constraint system layouts generated by new gadgets o1-labs#1241 o1-labs#1220

Changed

  • Lightnet namespace API updates with added listAcquiredKeyPairs() method o1-labs#1256
  • Expose raw provable methods of a ZkProgram on zkProgram.rawMethods o1-labs#1241
  • Reduce number of constraints needed by rotate(), leftShift() and, rightShift() gadgets o1-labs#1201

Fixed

  • Add a parameter to checkZkappTransaction for block length to check for transaction inclusion. This fixes a case where Transaction.wait() only checked the latest block, which led to an error once the transaction was included in a block that was not the latest. o1-labs#1239

Added

  • Gadgets.not(), new provable method to support bitwise not. o1-labs#1198
  • Gadgets.leftShift() / Gadgets.rightShift(), new provable methods to support bitwise shifting. o1-labs#1194
  • Gadgets.and(), new provable method to support bitwise and. o1-labs#1193
  • Gadgets.multiRangeCheck() and Gadgets.compactMultiRangeCheck(), two building blocks for non-native arithmetic with bigints of size up to 264 bits. o1-labs#1216

Fixed

  • Removed array reversal of fetched actions, since they are returned in the correct order. o1-labs#1258

Breaking changes

  • Constraint optimizations in Field methods and core crypto changes break all verification keys o1-labs#1171 o1-labs#1178

Changed

  • ZkProgram has moved out of the Experimental namespace and is now available as a top-level import directly. Experimental.ZkProgram has been deprecated.
  • ZkProgram gets a new input argument name: string which is required in the non-experimental API. The name is used to identify a ZkProgram when caching prover keys. o1-labs#1200

Added

  • Lightnet namespace to interact with the account manager provided by the lightnet Mina network o1-labs#1167
  • Internal support for several custom gates (range check, bitwise operations, foreign field operations) and lookup tables o1-labs#1176
  • Gadgets.rangeCheck64(), new provable method to do efficient 64-bit range checks using lookup tables o1-labs#1181
  • Gadgets.rotate(), new provable method to support bitwise rotation for native field elements. o1-labs#1182
  • Gadgets.xor(), new provable method to support bitwise xor for native field elements. o1-labs#1177
  • Proof.dummy() to create dummy proofs o1-labs#1188
    • You can use this to write ZkPrograms that handle the base case and the inductive case in the same method.

Changed

  • Use cached prover keys in compile() when running in Node.js o1-labs#1187
    • Caching is configurable by passing a custom Cache (new export) to compile()
    • By default, prover keys are stored in an OS-dependent cache directory; ~/.cache/pickles on Mac and Linux
  • Use cached setup points (SRS and Lagrange bases) when running in Node.js o1-labs#1197
    • Also, speed up SRS generation by using multiple threads
    • Together with caching of prover keys, this speeds up compilation time by roughly
      • 86% when everything is cached
      • 34% when nothing is cached

Breaking changes

  • Changes to some verification keys caused by changing the way Struct orders object properties. o1-labs#1124 @Comdex
    • To recover existing verification keys and behavior, change the order of properties in your Struct definitions to be alphabetical
    • The customObjectKeys option is removed from Struct

Changed

  • Improve prover performance by ~25% o1-labs#1092
    • Change internal representation of field elements to be JS bigint instead of Uint8Array
  • Consolidate internal framework for testing equivalence of two implementations

Breaking changes

  • Changes to verification keys caused by updates to the proof system. This breaks all deployed contracts o1-labs#1016

Changed

Added

  • Added a method createTestNullifier to the Nullifier class for testing purposes. It is recommended to use mina-signer to create Nullifiers in production, since it does not leak the private key of the user. The Nullifier.createTestNullifier method requires the private key as an input outside of the users wallet. o1-labs#1026
  • Added field.isEven to check if a Field element is odd or even. o1-labs#1026

Fixed

  • Revert verification key hash change from previous release to stay compatible with the current testnet o1-labs#1032

Breaking Changes

  • Fix the default verification key hash that was generated for AccountUpdates. This change adopts the default mechanism provided by Mina Protocol o1-labs#1021
    • Please be aware that this alteration results in a breaking change affecting the verification key of already deployed contracts.

Fixed

Fixed

Fixed

Breaking changes

  • Group operations now generate a different set of constraints. This breaks deployed contracts, because the circuit changed. o1-labs#967

Added

  • Implemented Nullifier as a new primitive o1-labs#882
    • mina-signer can now be used to generate a Nullifier, which can be consumed by zkApps using the newly added Nullifier Struct

Changed

  • Improve error message Can't evaluate prover code outside an as_prover block o1-labs#998

Fixed

  • Fix unsupported use of window when running o1js in workers o1-labs#1002

Breaking changes

  • Rewrite of Provable.if() causes breaking changes to all deployed contracts o1-labs#889
  • Remove all deprecated methods and properties on Field o1-labs#902
  • The Field(x) constructor and other Field methods no longer accept a boolean as input. Instead, you can now pass in a bigint to all Field methods. o1-labs#902
  • Remove redundant signFeePayer() method o1-labs#935

Added

  • Add field.assertNotEquals() to assert that a field element does not equal some value o1-labs#902
    • More efficient than field.equals(x).assertFalse()
  • Add scalar.toConstant(), scalar.toBigInt(), Scalar.from(), privateKey.toBigInt(), PrivateKey.fromBigInt() o1-labs#935
  • Poseidon.hashToGroup enables hashing to a group o1-labs#887

Changed

  • Make stack traces more readable o1-labs#890
    • Stack traces thrown from o1js are cleaned up by filtering out unnecessary lines and other noisy details
  • Remove optional zkappKey argument in smartContract.init(), and instead assert that provedState is false when init() is called o1-labs#908
  • Improve assertion error messages on Field methods o1-labs#743 o1-labs#902
  • Publicly expose the internal details of the Field type o1-labs#902

Deprecated

  • Utility methods on Circuit are deprecated in favor of the same methods on Provable o1-labs#889
    • Circuit.if(), Circuit.witness(), Circuit.log() and others replaced by Provable.if(), Provable.witness(), Provable.log()
    • Under the hood, some of these methods were rewritten in TypeScript
  • Deprecate field.isZero() o1-labs#902

Fixed

Changed

Breaking Changes

  • All references to actionsHash are renamed to actionState to better mirror what is used in Mina protocol APIs o1-labs#833
    • This change affects function parameters and returned object keys throughout the API
  • No longer make MayUseToken.InheritFromParent the default mayUseToken value on the caller if one zkApp method calls another one; this removes the need to manually override mayUseToken in several known cases o1-labs#863
    • Causes a breaking change to the verification key of deployed contracts that use zkApp composability

Added

  • this.state.getAndAssertEquals() as a shortcut for let x = this.state.get(); this.state.assertEquals(x); o1-labs#863
    • also added .getAndAssertEquals() on this.account and this.network fields
  • Support for fallback endpoints when making network requests, allowing users to provide an array of endpoints for GraphQL network requests. o1-labs#871
    • Endpoints are fetched two at a time, and the result returned from the faster response
  • reducer.forEach(actions, ...) as a shortcut for reducer.reduce() when you don't need a state o1-labs#863
  • New export TokenId which supersedes Token.Id; TokenId.deriveId() replaces Token.Id.getId() o1-labs#863
  • Add Permissions.allImpossible() for the set of permissions where nothing is allowed (more convenient than Permissions.default() when you want to make most actions impossible) o1-labs#863

Changed

  • Massive improvement of memory consumption, thanks to a refactor of o1js' worker usage o1-labs#872
    • Memory reduced by up to 10x; see the PR for details
    • Side effect: Circuit API becomes async, for example MyCircuit.prove(...) becomes await MyCircuit.prove(...)
  • Token APIs this.token.{send,burn,mint}() now accept an AccountUpdate or SmartContract as from / to input o1-labs#863
  • Improve Transaction.toPretty() output by adding account update labels in most methods that create account updates o1-labs#863
  • Raises the limit of actions/events per transaction from 16 to 100, providing users with the ability to submit a larger number of events/actions in a single transaction. o1-labs#883.

Deprecated

  • Deprecate both shutdown() and await isReady, which are no longer needed o1-labs#872

Fixed

  • SmartContract.deploy() now throws an error when no verification key is found o1-labs#885
    • The old, confusing behaviour was to silently not update the verification key (but still update some permissions to "proof", breaking the zkApp)

Fixed

  • Fix fetching the access permission on accounts o1-labs#851
  • Fix fetchActions o1-labs#844 o1-labs#854 @Comdex
  • Updated Mina.TransactionId.isSuccess to accurately verify zkApp transaction status after using Mina.TransactionId.wait(). o1-labs#826
    • This change ensures that the function correctly checks for transaction completion and provides the expected result.

Added

  • smartContract.fetchActions() and Mina.fetchActions(), asynchronous methods to fetch actions directly from an archive node o1-labs#843 @Comdex

Changed

  • Circuit.runAndCheck() now uses snarky to create a constraint system and witnesses, and check constraints. It closely matches behavior during proving and can be used to test provable code without having to create an expensive proof o1-labs#840

Fixed

Breaking changes

  • Circuits changed due to an internal rename of "sequence events" to "actions" which included a change to some hash prefixes; this breaks all deployed contracts.
  • Temporarily reintroduces 2 known issues as a result of reverting a fix necessary for network redeployment:
    • o1-labs#799
    • o1-labs#530
    • Please note that we plan to address these issues in a future release. In the meantime, to work around this breaking change, you can try calling fetchAccount for each account involved in a transaction before executing the Mina.transaction block.
  • Improve number of constraints needed for Merkle tree hashing o1-labs#820
    • This breaks deployed zkApps which use MerkleWitness.calculateRoot(), because the circuit is changed
    • You can make your existing contracts compatible again by switching to MerkleWitness.calculateRootSlow(), which has the old circuit
  • Renamed function parameters: The getAction function now accepts a new object structure for its parameters. o1-labs#828
    • The previous object keys, fromActionHash and endActionHash, have been replaced by fromActionState and endActionState.

Added

  • zkProgram.analyzeMethods() to obtain metadata about a ZkProgram's methods o1-labs#829 @maht0rz

Fixed

  • Improved Event Handling in o1js o1-labs#825
    • Updated the internal event type to better handle events emitted in different zkApp transactions and when multiple zkApp transactions are present within a block.
    • The internal event type now includes event data and transaction information as separate objects, allowing for more accurate information about each event and its associated transaction.
  • Removed multiple best tip blocks when fetching action data o1-labs#817
    • Implemented a temporary fix that filters out multiple best tip blocks, if they exist, while fetching actions. This fix will be removed once the related issue in the Archive-Node-API repository (o1-labs/Archive-Node-API#7) is resolved.
  • New fromActionState and endActionState parameters for fetchActions function in o1js o1-labs#828
    • Allows fetching only necessary actions to compute the latest actions state
    • Eliminates the need to retrieve the entire actions history of a zkApp
    • Utilizes actionStateTwo field returned by Archive Node API as a safe starting point for deriving the most recent action hash
  • Update the zkApp verification key from within one of its own methods, via proof o1-labs#812

Breaking changes

  • Change type of verification key returned by SmartContract.compile() to match VerificationKey o1-labs#812

Fixed

  • Failing Mina.transaction on Berkeley because of unsatisfied constraints caused by dummy data before we fetched account state o1-labs#807
    • Previously, you could work around this by calling fetchAccount() for every account invovled in a transaction. This is not necessary anymore.
  • Update the zkApp verification key from within one of its own methods, via proof o1-labs#812

Fixed

  • getActions to handle multiple actions with multiple Account Updates o1-labs#801

Added

  • Use fetchEvents() to fetch events for a specified zkApp from a GraphQL endpoint that implements this schema. Mina.Network accepts an additional endpoint which points to a GraphQL server. o1-labs#749
    • Use the mina property for the Mina node.
    • Use archive for the archive node.
  • Use getActions to fetch actions for a specified zkApp from a GraphQL endpoint GraphQL endpoint that implements the same schema as fetchEvents. o1-labs#788

Fixed

Added

  • this.network.timestamp is added back and is implemented on top of this.network.globalSlotSinceGenesis o1-labs#755

Changed

  • On-chain value globalSlot is replaced by the clearer currentSlot o1-labs#755
    • currentSlot refers to the slot at which the transaction will be included in a block.
    • the only supported method is currentSlot.assertBetween() because currentSlot.get() is impossible to implement since the value is determined in the future and currentSlot.assertEquals() is error-prone

Fixed

  • Incorrect counting of limit on events and actions o1-labs#758
  • Type error when using Circuit.array in on-chain state or events o1-labs#758
  • Bug when using Circuit.witness outside the prover o1-labs#774

Fixed

  • Bug when using this.<state>.get() outside a transaction o1-labs#754

Added

  • Transaction.fromJSON to recover transaction object from JSON o1-labs#705
  • New precondition: provedState, a boolean which is true if the entire on-chain state of this account was last modified by a proof o1-labs#741
    • Same API as all preconditions: this.account.provedState.assertEquals(Bool(true))
    • Can be used to assert that the state wasn't tampered with by the zkApp developer using non-contract logic, for example, before deploying the zkApp
  • New on-chain value globalSlot, to make assertions about the current time o1-labs#649
    • example: this.globalSlot.get(), this.globalSlot.assertBetween(lower, upper)
    • Replaces network.timestamp, network.globalSlotSinceGenesis and network.globalSlotSinceHardFork. o1-labs#560
  • New permissions:
    • access to control whether account updates for this account can be used at all o1-labs#500
    • setTiming to control who can update the account's timing field o1-labs#685
    • Example: this.permissions.set({ ...Permissions.default(), access: Permissions.proofOrSignature() })
  • Expose low-level view into the PLONK gates created by a smart contract method o1-labs#687
    • MyContract.analyzeMethods().<method name>.gates

Changed

  • BREAKING CHANGE: Modify signature algorithm used by Signature.{create,verify} to be compatible with mina-signer o1-labs#710
    • Signatures created with mina-signer's client.signFields() can now be verified inside a SNARK!
    • Breaks existing deployed smart contracts which use Signature.verify()
  • BREAKING CHANGE: Circuits changed due to core protocol and cryptography changes; this breaks all deployed contracts.
  • BREAKING CHANGE: Change structure of Account type which is returned by Mina.getAccount() o1-labs#741
  • Test accounts hard-coded in LocalBlockchain now have default permissions, not permissions allowing everything. Fixes some unintuitive behaviour in tests, like requiring no signature when using these accounts to send MINA o1-labs#638

Removed

  • Preconditions timestamp and globalSlotSinceHardFork o1-labs#560
    • timestamp is expected to come back as a wrapper for the new globalSlot

Added

  • this.account.<field>.set() as a unified API to update fields on the account o1-labs#643
    • covers permissions, verificationKey, zkappUri, tokenSymbol, delegate, votingFor
    • exists on SmartContract.account and AccountUpdate.account
  • this.sender to get the public key of the transaction's sender o1-labs#652
    • To get the sender outside a smart contract, there's now Mina.sender()
  • tx.wait() is now implemented. It waits for the transactions inclusion in a block o1-labs#645
    • wait() also now takes an optional options parameter to specify the polling interval or maximum attempts. wait(options?: { maxAttempts?: number; interval?: number }): Promise<void>;
  • Circuit.constraintSystemFromKeypair(keypair) to inspect the circuit at a low level o1-labs#529
    • Works with a keypair (prover + verifier key) generated with the Circuit API
  • Mina.faucet() can now be used to programmatically fund an address on the testnet, using the faucet provided by faucet.minaprotocol.com o1-labs#693

Changed

  • BREAKING CHANGE: Constraint changes in sign(), requireSignature() and createSigned() on AccountUpdate / SmartContract. This means that smart contracts using these methods in their proofs won't be able to create valid proofs against old deployed verification keys. o1-labs#637
  • Mina.transaction now takes a public key as the fee payer argument (passing in a private key is deprecated) o1-labs#652
    • Before: Mina.transaction(privateKey, ...). Now: Mina.transaction(publicKey, ...)
    • AccountUpdate.fundNewAccount() now enables funding multiple accounts at once, and deprecates the initialBalance argument
  • New option enforceTransactionLimits for LocalBlockchain (default value: true), to disable the enforcement of protocol transaction limits (maximum events, maximum sequence events and enforcing certain layout of AccountUpdates depending on their authorization) o1-labs#620
  • Change the default send permissions (for sending MINA or tokens) that get set when deploying a zkApp, from signature() to proof() o1-labs#648
  • Functions for making assertions and comparisons have been renamed to their long form, instead of the initial abbreviation. Old function names have been deprecated o1-labs#681
    • .lt -> .lessThan
    • .lte -> .lessThanOrEqual
    • .gt -> .greaterThan
    • .gte -> greaterThanOrEqual
    • .assertLt -> .assertLessThan
    • .assertLte -> .assertLessThanOrEqual
    • .assertGt -> .assertGreaterThan
    • .assertGte -> assertGreaterThanOrEqual
    • .assertBoolean -> .assertBool

Deprecated

  • this.setPermissions() in favor of this.account.permissions.set() o1-labs#643
    • this.tokenSymbol.set() in favor of this.account.tokenSymbol.set()
    • this.setValue() in favor of this.account.<field>.set()
  • Mina.transaction(privateKey: PrivateKey, ...) in favor of new signature Mina.transaction(publicKey: PublicKey, ...)
  • AccountUpdate.createSigned(privateKey: PrivateKey) in favor of new signature AccountUpdate.createSigned(publicKey: PublicKey) o1-labs#637
  • .lt, .lte, gt, gte, .assertLt, .assertLte, .assertGt, .assertGte have been deprecated. o1-labs#681

Fixed

  • Fixed Apple silicon performance issue o1-labs#491
  • Type inference for Structs with instance methods o1-labs#567
    • also fixes Struct.fromJSON
  • SmartContract.fetchEvents fixed when multiple event types existed o1-labs#627
  • Error when using reduce with a Struct as state type o1-labs#689
  • Fix use of stale cached accounts in Mina.transaction o1-labs#430

Fixed

  • Bug in deploy() when initializing a contract that already exists o1-labs#588

Deprecated

  • Mina.BerkeleyQANet in favor of the clearer-named Mina.Network o1-labs#588

Added

Fixed

  • Bug in Circuit.log printing account updates o1-labs#578

Fixed

  • Testnet-incompatible signatures in v0.7.0 o1-labs#565

Added

  • Added an optional string parameter to certain assert methods o1-labs#470
  • Struct, a new primitive for declaring composite, SNARK-compatible types o1-labs#416
    • With this, we also added a way to include auxiliary, non-field element data in composite types
    • Added VerificationKey, which is a Struct with auxiliary data, to pass verification keys to a @method
    • BREAKING CHANGE: Change names related to circuit types: AsFieldsAndAux<T> -> Provable<T>, AsFieldElement<T> -> ProvablePure<T>, circuitValue -> provable
    • BREAKING CHANGE: Change all ofFields and ofBits methods on circuit types to fromFields and fromBits
  • New option proofsEnabled for LocalBlockchain (default value: true), to quickly test transaction logic with proofs disabled o1-labs#462
    • with proofsEnabled: true, proofs now get verified locally o1-labs#423
  • SmartContract.approve() to approve a tree of child account updates o1-labs#428 o1-labs#534
    • AccountUpdates are now valid @method arguments, and approve() is intended to be used on them when passed to a method
    • Also replaces Experimental.accountUpdateFromCallback()
  • Circuit.log() to easily log Fields and other provable types inside a method, with the same API as console.log() o1-labs#484
  • SmartContract.init() is a new method on the base SmartContract that will be called only during the first deploy (not if you re-deploy later to upgrade the contract) o1-labs#543
    • Overriding init() is the new recommended way to add custom state initialization logic.
  • transaction.toPretty() and accountUpdate.toPretty() for debugging transactions by printing only the pieces that differ from default account updates o1-labs#428
  • AccountUpdate.attachToTransaction() for explicitly adding an account update to the current transaction. This replaces some previous behaviour where an account update got attached implicitly o1-labs#484
  • SmartContract.requireSignature() and AccountUpdate.requireSignature() as a simpler, better-named replacement for .sign() o1-labs#558

Changed

  • BREAKING CHANGE: tx.send() is now asynchronous: old: send(): TransactionId new: send(): Promise<TransactionId> and tx.send() now directly waits for the network response, as opposed to tx.send().wait() o1-labs#423
  • Sending transactions to LocalBlockchain now involves
  • Circuit.witness can now be called outside circuits, where it will just directly return the callback result o1-labs#484
  • The FeePayerSpec, which is used to specify properties of the transaction via Mina.transaction(), now has another optional parameter to specify the nonce manually. Mina.transaction({ feePayerKey: feePayer, nonce: 1 }, () => {}) o1-labs#497
  • BREAKING CHANGE: Static methods of type .fromString(), .fromNumber() and .fromBigInt() on Field, UInt64, UInt32 and Int64 are no longer supported o1-labs#519
    • use Field(number | string | bigint) and UInt64.from(number | string | bigint)
  • Move several features out of 'experimental' o1-labs#555
    • Reducer replaces Experimental.Reducer
    • MerkleTree and MerkleWitness replace Experimental.{MerkleTree,MerkleWitness}
    • In a SmartContract, this.token replaces this.experimental.token

Deprecated

  • CircuitValue deprecated in favor of Struct o1-labs#416
  • Static props Field.zero, Field.one, Field.minusOne deprecated in favor of Field(number) o1-labs#524
  • SmartContract.sign() and AccountUpdate.sign() in favor of .requireSignature() o1-labs#558

Fixed

  • Uint comparisons and division fixed inside the prover o1-labs#503
  • Callback arguments are properly passed into method invocations o1-labs#516
  • Removed internal type JSONValue from public interfaces o1-labs#536
  • Returning values from a zkApp o1-labs#461

Fixed

  • Callback arguments are properly passed into method invocations o1-labs#516

Fixed

Added

  • reducer.getActions partially implemented for local testing o1-labs#327
  • gte and assertGte methods on UInt32, UInt64 o1-labs#349
  • Return sent transaction hash for RemoteBlockchain o1-labs#399

Changed

  • BREAKING CHANGE: Rename the Party class to AccountUpdate. Also, rename other occurrences of "party" to "account update". o1-labs#393
  • BREAKING CHANGE: Don't require the account address as input to SmartContract.compile(), SmartContract.digest() and SmartContract.analyzeMethods() o1-labs#406
    • This works because the address / public key is now a variable in the method circuit; it used to be a constant
  • BREAKING CHANGE: Move ZkProgram to Experimental.ZkProgram

Fixed

Fixed

Fixed

  • Crash of the web version introduced in 0.5.0
  • Issue with Experimental.MerkleWitness o1-labs#368

Fixed

Added

  • Recursive proofs. RFC: o1-labs#89, PRs: o1-labs#245 o1-labs#250 o1-labs#261
    • Enable smart contract methods to take previous proofs as arguments, and verify them in the circuit
    • Add ZkProgram, a new primitive which represents a collection of circuits that produce instances of the same proof. So, it's a more general version of SmartContract, without any of the Mina-related API.
      ZkProgram is suitable for rollup-type systems and offchain usage of Pickles + Kimchi.
  • zkApp composability -- calling other zkApps from inside zkApps. RFC: o1-labs#303, PRs: o1-labs#285, o1-labs#296, o1-labs#294, o1-labs#297
  • Events support via SmartContract.events, this.emitEvent. RFC: o1-labs#248, PR: o1-labs#272
    • fetchEvents partially implemented for local testing: o1-labs#323
  • Payments: this.send({ to, amount }) as an easier API for sending Mina from smart contracts o1-labs#325
    • Party.send() to transfer Mina between any accounts, for example, from users to smart contracts
  • SmartContract.digest() to quickly compute a hash of the contract's circuit. This is used by the zkApp CLI to figure out whether compile should be re-run or a cached verification key can be used. o1-labs#268
  • Circuit.constraintSystem() for creating a circuit from a function, counting the number of constraints and computing a digest of the circuit o1-labs#279
  • this.account.isNew to assert that an account did not (or did) exist before the transaction MinaProtocol/mina#11524
  • LocalBlockchain.setTimestamp and other setters for network state, to test network preconditions locally o1-labs#329
  • Experimental APIs are now collected under the Experimental import, or on this.experimental in a smart contract.
  • Custom tokens (experimental), via this.token. RFC: o1-labs#233, PR: o1-labs#273,
  • Actions / sequence events support (experimental), via Experimental.Reducer. RFC: o1-labs#265, PR: o1-labs#274
  • Merkle tree implementation (experimental) via Experimental.MerkleTree o1-labs#343

Changed

  • BREAKING CHANGE: Make on-chain state consistent with other preconditions - throw an error when state is not explicitly constrained o1-labs#267
  • CircuitValue improvements o1-labs#269, o1-labs#306, o1-labs#341
    • Added a base constructor, so overriding the constructor on classes that extend CircuitValue is now optional. When overriding, the base constructor can be called without arguments, as previously: super(). When not overriding, the expected arguments are all the @props on the class, in the order they were defined in: new MyCircuitValue(prop1, prop2).
    • CircuitValue.fromObject({ prop1, prop2 }) is a new, better-typed alternative for using the base constructor.
    • Fixed: the overridden constructor is now free to have any argument structure -- previously, arguments had to be the props in their declared order. I.e., the behaviour that's now used by the base constructor used to be forced on all constructors, which is no longer the case.
  • Mina.transaction improvements
    • Support zkApp proofs when there are other account updates in the same transaction block o1-labs#280
    • Support multiple independent zkApp proofs in one transaction block o1-labs#296
  • Add previously unimplemented preconditions, like this.network.timestamp o1-labs#324 MinaProtocol/mina#11577
  • Improve error messages thrown from Wasm, by making Rust's panic log to the JS console MinaProtocol/mina#11644
  • Not user-facing, but essential: Smart contracts fully constrain the account updates they create, inside the circuit o1-labs#278

Fixed

Added

  • Implement the precondition RFC:
    • new fields this.account and this.network on both SmartContract and Party
    • this.<account|network>.<property>.get() to use on-chain values in a circuit, e.g. account balance or block height
    • this.<account|network>.<property>.{assertEqual, assertBetween, assertNothing}() to constrain what values to allow for these
  • CircuitString, a snark-compatible string type with methods like .append() o1-labs#155
  • bool.assertTrue(), bool.assertFalse() as convenient aliases for existing functionality
  • Ledger.verifyPartyProof which can check if a proof on a transaction is valid o1-labs#208
  • Memo field in APIs like Mina.transaction to attach arbitrary messages o1-labs#244
  • This changelog

Changed

Removed

  • Unused functions call and callUnproved, which were embryonic versions of what is now the transaction API to call smart contract methods
  • Some unimplemented fields on SmartContract

Fixed